Hi all,

I found a small bug in both vpopmail 5.4 and 5.5. It has to do with the `write_file' functionality in vpopmaild. The file owner was not set, so that - when you're running vpopmaild as root - the file is owned by root. As far as I know vpopmaild can only mutate files that are inside the vpopmail domain directory - which indeed is completely owned by the vpopmail user. The included patch changes the owner of the newly created file to the vpopmail user. It also sets the umask to vpopmail's standard (077).

The patch is for 5.4.27, but the bug also exists in the current 5.5 SVN branch. (Oh yeah, small remark: why is this file opened as `w+'? I don't see any reading of the file.)

--
Kind regards,
Harm van Tilborg

Tiscom Hosting B.V.


--- vpopmail-5.4.27-vanilla/vpopmaild.c 2009-02-18 18:27:22.000000000 +0100
+++ vpopmail-5.4.27/vpopmaild.c 2009-09-10 13:50:16.000000000 +0200
@@ -1550,6 +1550,8 @@
   FILE *fs;
   static char tmpbuf[1024];

+  umask(VPOPMAIL_UMASK);
+
   /* must supply directory parameter */
   if ((oldfilename=strtok(NULL,TOKENS))==NULL) {
     show_error( ERR_FNAME_REQD, 2001 );
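Review bot: The umask(VPOPMAIL_UMASK) call at the top of the function discards the previous mask, so the new value stays in effect for the whole vpopmaild process after this command returns, not only for the file created here. If that is the intent, setting it once at daemon startup would make it explicit; otherwise keep the return value (mode_t old = umask(VPOPMAIL_UMASK);) and restore it on every return path. The hunk adds no include, so please confirm vpopmaild.c already pulls in <sys/stat.h> for umask.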
@@ -1572,6 +1574,13 @@
   }
   fclose(fs);

+  /* Change ownership */
+  if ( chown(filename,VPOPMAILUID,VPOPMAILGID) == -1 ) {
+    snprintf(WriteBuf,sizeof(WriteBuf),RET_ERR "0.2003 %s" RET_CRLF,
+      strerror(errno));
+    return(-1);
+  }
+
   snprintf(WriteBuf,sizeof(WriteBuf), RET_OK);
   return(0);
 }
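Review bot: The chown(filename,VPOPMAILUID,VPOPMAILGID) call after fclose(fs) operates on the path, not on the file that was just written, and chown follows symlinks. With vpopmaild running as root in a directory the vpopmail user can write to, the path can be swapped between fclose and chown, and root would then hand ownership of some other file to vpopmail. Calling fchown(fileno(fs),VPOPMAILUID,VPOPMAILGID) before fclose(fs) ties the ownership change to the open file and removes that window. On the error path the file is left behind owned by root, so consider unlinking it before returning, and confirm <errno.h> and <string.h> are included for errno and strerror.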
